IAM
To deploy the gateway using Scaleway IAM, we recommend the following setup:
Create a new Scaleway project
Create an IAM application scoped to this project
Add a policy with this application as principal
Add the following rules to the policy:
Serverless ->
ContainersFullAccess
Managed services ->
ObservabilityFullAccess
Managed databases ->
RelationalDatabasesFullAccess
Security and identity ->
SecretManagerFullAccess
Create an API key for the application
Use this API key’s secret key and access key when deploying your gateway (see below)
By scoping the API key to the new project, you limit the privileges of the key to resources within that project.
Using an API key
The easiest ways to use an API key are via:
A profile in your Scaleway CLI config file (either set as the default, or using the
--profile
argument for the gateway CLI)Environment variables, setting
SCW_ACCESS_KEY
andSCW_SECRET_KEY
in the environment where you runscwgw
See Deployment for more information on how to use both approaches to configure your Scaleway CLI.